On 6/23/07, Eugen Leitl [EMAIL PROTECTED] wrote:
The general idea is that if you use keys in DNS to authenticate gateways
Aye, that's the rub. Most hosts are in dynamic address space,
and anything involving DNS will not fly.
It is certainly a problem, but you can get around it partially
On 6/26/07, Sandy Harris [EMAIL PROTECTED] wrote:
It is certainly a problem, but you can get around it partially even if your IP
address is dynamically assigned:
http://www.freeswan.org/freeswan_trees/freeswan-2.00/doc/quickstart.html#opp.client
You do need to use a dynamic DNS server to
On Fri, Jun 22, 2007 at 10:43:16AM -0700, Paul Hoffman wrote:
Note that that RFC is Informational only. There were a bunch of
perceived issues with it, although I think they were more purity
disagreements than anything.
FWIW, if you do *not* care about man-in-the-middle attacks (called
At 2:49 PM -0500 6/26/07, Nicolas Williams wrote:
On Fri, Jun 22, 2007 at 10:43:16AM -0700, Paul Hoffman wrote:
This was discussed many times, and always rejected as not good
enough by the purists. Then the IETF created the BTNS Working Group
which is spending huge amounts of time getting
On Tue, Jun 26, 2007 at 01:20:41PM -0700, Paul Hoffman wrote:
For all the other aspects of BTNS (IPsec connection latching [and
channel binding], IPsec APIs, leap-of-faith IPsec) agreeing on a
globally shared secret does not come close to being sufficient.
Fully agree. BTNS will definitely
At 3:26 PM -0500 6/26/07, Nicolas Williams wrote:
I strongly dislike the WG's name. Suffice it to say that it was not my
idea :); it created a lot of controversy at the time, though perhaps
that controversy helped sell the idea (why would you want this silly,
insecure stuff? because it enables
On Thu, Jun 21, 2007 at 06:00:48PM +0100, Richard Clayton wrote:
(a) the EU legislation was actually passed well over a year ago
http://europa.eu.int/eur-lex/lex/LexUriServ/site/en/oj/2006/l_105/l_10520060413en00540063.pdf
It is not national law yet. I'm only concerned about when I
have to
On 6/22/07, Eugen Leitl [EMAIL PROTECTED] wrote:
So what's the state in ad hoc IPsec/VPN setup for any end points?
The Linux FreeS/WAN project was working on opportunistic encryption.
The general idea is that if you use keys in DNS to authenticate gateways
and IPsec for secure tunnels then
At 11:52 PM +0800 6/22/07, Sandy Harris wrote:
On 6/22/07, Eugen Leitl [EMAIL PROTECTED] wrote:
So what's the state in ad hoc IPsec/VPN setup for any end points?
The Linux FreeS/WAN project was working on opportunistic encryption.
The general idea is that if you use keys in DNS to
The Wikipedia article has some information, but it could use some
edits if you have new information.
http://en.wikipedia.org/wiki/Opportunistic_encryption
rearden
On Fri, 22 Jun 2007 11:52:13 -0400 Sandy Harris
[EMAIL PROTECTED] wrote:
On 6/22/07, Eugen Leitl [EMAIL PROTECTED] wrote:
So
There's rather ominous EU legislation to be passed soon,
which requires any party acting as a provider (you run anonymous
proxy, or mix cascade, you are a provider) to log all connection
info (when, who, with whom). What's the status of ad hoc IPsec
or any other TCP/IP-tunneling VPN for random
In article [EMAIL PROTECTED], Eugen Leitl
[EMAIL PROTECTED] writes
There's rather ominous EU legislation to be passed soon,
which requires any party acting as a provider (you run anonymous
proxy, or mix cascade, you are a provider) to log all connection
info (when, who, with whom). What's the
12 matches